Malware Achieves Privilege Escalation via Windows UAC

Venustus

As good as a defensive mechanism User Account Control (UAC) is for Windows users against actions requiring administrator privileges, users can be tricked into running an app with elevated rights without raising any suspicion.

Researchers at Cylance security company developed proof-of-concept malware that can achieve this via Windows Command Prompt (cmd.exe) and the Registry Editor (regedit.exe), although the list of programs can be extended.

The focus was on these two utilities because of their importance on the system, as they are intended for running advanced administrative functions or for modifying operating system settings.

More: http://blog.cylance.com/trick-me-once-shameonuac
 
Deleted member 178

ShameOnUAC injects itself into the unprivileged Explorer process, where it hooks SHELL32!AicLaunchAdminProcess and waits for the user to ask to run a program as administrator. It then tampers with the elevation requests before they're sent to the AppInfo service.

As always, all malware works with unaware and Happy Clickers; if not, they all fail to bypass UAC.
 

Cats-4_Owners-2

As always, all malware works with unaware and Happy Clickers; if not, they all fail to bypass UAC.
The higher lesson:
In order to successfully combat malware with UAC, we must transform ourselves into more 'Carefully Aware', less 'Happily Careless' clickers!

..just say 'no' to Happy unaware malware succumbing clicking!
 
jamescv7

Typical users want a clear label to show whether a file is a virus or not. UAC, by simple concept, asks for a higher privilege level, so it needs a trained eye or supervision to understand it; it's not a fault where UAC fails, but the user willingly accepting the risk.
 
Deleted member 178

Typical users want a clear label to show whether a file is a virus or not. UAC, by simple concept, asks for a higher privilege level, so it needs a trained eye or supervision to understand it; it's not a fault where UAC fails, but the user willingly accepting the risk.

Exactly, the main point is that UAC is NOT an AV; it is just a Windows feature that blocks the automatic launching of executables, nothing more.
 
